[ASK] Squid proxy tidak bisa browsing

Diskusi tentang Ubuntu Server baik webserver, database server, samba server dan service lainnya serta jaringan menggunakan Sistem Operasi Ubuntu.
User avatar
HendraWahyu
Posts: 23
Joined: 06 Nov 2012, 07:54
Location: Bogor
Contact:

[ASK] Squid proxy tidak bisa browsing

Postby HendraWahyu » 06 Nov 2012, 08:12

Selamat pagi mastah mastah, sebelumnya saya memperkenalkan diri dulu karna baru di forum ini hehe.

==================================

Nama : Hendra Wahyu Saputro
Alamat : Bogor
Pekerjaan : Mahasiswa

==================================

Saya mau bertanya, kepada mastah mastah disini. saya sudah install squid proxy dengan mengikuti tutorial tutorial di berbagai forum dan website, dengan topologi seperti ini.

==========Squid Proxy
==============||
Modem======Mikrotik======Client

Modem saya jadikan bridge sehingga yg mendial adalah mikrotik.
============================
1. IP modem : 192.168.0.1
2. Mikrotik :
- Public = 192.168.0.2
- Local = 10.10.10.1
- Proxy = 192.168.11.1
3. Ip Proxy = 192.168.11.11
============================

Yang saya bingungkan kenapa saya tidak bisa browsing, yg bisa browsing hanya facebook, youtube, google. untuk website lain tidak bisa, bahkan youtube pun tidak bisa buffer. untuk game online pun tidak bisa. setiap saya browsing selain website di atas pasti ter block.

sudah 3 kali dan lembur 2 hari saya install ulang setting kembali install ulang setting kembali tapi tetep sama kendalanya. :cry:

mohon bantuannya, karena saya newbie sekali tentang squid dan baru belajar. :grin:

Berikut squid.conf yang saya gunakan dan dapat kan dari tutorial di web lain dan sudah saya edit untuk menyesuaikan jaringan dan proxy saya.

# Port
http_port 3128 transparent
icp_port 3130
prefer_direct off

server_http11 on

# Cache

cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99
max_filedesc 8192
maximum_object_size 128 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 128 KB

ipcache_size 10240
ipcache_low 98
ipcache_high 99
fqdncache_size 4096

cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

cache_dir aufs /cache1 20000 16 256 # untuk partisi /cache1 20GB

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
pid_filename /var/run/squid.pid
cache_swap_log /var/log/squid/swap.state
dns_nameservers /etc/resolv.conf
emulate_httpd_log off
hosts_file /etc/hosts
half_closed_clients off
negative_ttl 1 minutes

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 873 # https snews rsync
acl Safe_ports port 80 # http
acl Safe_ports port 20 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 631 # cups
acl Safe_ports port 10000 # webmin
acl Safe_ports port 901 # SWAT
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 110 # POP3
acl Safe_ports port 25 # SMTP
acl Safe_ports port 2095 2096 # webmail from cpanel
acl Safe_ports port 2082 2083 # cpanel

acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports !SSL_ports
http_access deny CONNECT !SSL_ports !Safe_ports

# pictures & images
refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private
refresh_pattern -i \.(xml|html|htm|js|txt|css|php)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth

#sound & video
refresh_pattern -i \.(flv|x-flv|mov|avi|qt|mpg|mpeg|swf)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache
refresh_pattern -i \.(wav|mp3|mp4|au|mid)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private

# files
refresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$ 10080 90% 43200 ignore-no-cache ignore-auth
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire ignore-no-cache ignore-auth

# -- refresh pattern for specific sites -- #
refresh_pattern ^http://*.jobstreet.com.*/.* 720 100% 10080 override-expire override-lastmod ignore-no-cache
refresh_pattern ^http://*.indowebster.com.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth
refresh_pattern ^http://*.21cineplex.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth
refresh_pattern ^http://*.atmajaya.*/.* 720 100% 10080 override-expire ignore-no-cache ignore-auth
refresh_pattern ^http://*.kompas.*/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.theinquirer.*/.* 720 100% 10080 override-expire ignore-no-cache ignore-auth
refresh_pattern ^http://*.blogspot.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.wordpress.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache
refresh_pattern ^http://*.photobucket.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.tinypic.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.imageshack.us/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.kaskus.*/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://www.kaskus.com/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.detik.*/.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.detiknews.*/*.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://video.liputan6.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://static.liputan6.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.friendster.com/.* 720 100% 10080 override-expire override-lastmod ignore-no-cache ignore-auth
refresh_pattern ^http://*.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://apps.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://profile.ak.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://static.playspoon.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://cooking.game.playspoon.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern -i http://[^a-z\.]*onemanga\.com/? 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://media?.onemanga.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.yahoo.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.google.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.forummikrotik.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.linux.or.id/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth

#default option
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

# ALLOWED ACCESS
acl localnet src 10.10.10.0/24 #IP lokal kamu
http_access allow localnet
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow localnet
icp_access allow localhost
icp_access deny all
always_direct deny all


cache_mgr admin@telkom.net.id
visible_hostname inilah-proxy-ku
cache_effective_user proxy
cache_effective_group proxy
coredump_dir /var/spool/squid
shutdown_lifetime 10 seconds
logfile_rotate 14

#-----------------------------------------------------------------#
#tcp_outgoing_tos 0x30 localnet
#-----------------------------------------------------------------#

zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
User avatar
sayed
Posts: 137
Joined: 21 Jul 2011, 16:19
Location: Lhokseumawe, Aceh
Contact:

Re: [ASK] Squid proxy tidak bisa browsing

Postby sayed » 06 Nov 2012, 17:22

mungkin maximum_object_size berpengaruh tuh
coba disable bagian maximum_objectnya
User avatar
HendraWahyu
Posts: 23
Joined: 06 Nov 2012, 07:54
Location: Bogor
Contact:

Re: [ASK] Squid proxy tidak bisa browsing

Postby HendraWahyu » 06 Nov 2012, 20:49

Oke saya coba malam ini, terima kasih sarannya. nanti hasilnya saya beri tahu lagi ^_^
User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Re: [ASK] Squid proxy tidak bisa browsing

Postby q_p » 06 Nov 2012, 21:09

@HendraWahyu:
Halo Mas HendraWahyu, saya coba bantu ya dengan mengurainya satu per satu.
1. Bypass squid dulu, lakukan test client bisa browsing tidak? Jika bisa permasalahan kemungkinan ada di squid.conf atau firewall/routing mikrotik.
2. Jika permasalahan ada di suid, lakukan konfigurasi dasar dulu. pelan2 di sesuaiakan dengan dengan kondisi jaringan untuk mencapai performa yang optimum.
3. Untuk masalah firewall/routing di mikrotik, mohon maaf saya tidak bisa bantu.
BTW, kenapa tidak dijadikan satu saja di Ubuntu server (sehingga full-openSource)?, bisa kok diisi:
- DHCPServer - DNSServer -ProxyServer -NTPserver -LAMPserver -webHTB -Samba_CUPS -firewall.
Semoga membantu.
User avatar
HendraWahyu
Posts: 23
Joined: 06 Nov 2012, 07:54
Location: Bogor
Contact:

Re: [ASK] Squid proxy tidak bisa browsing

Postby HendraWahyu » 06 Nov 2012, 21:34

tadinya kalo saya tau ubuntu server bisa untuk semuanya dan bandwith juga saya ga beli mikrotik. udah terlanjur beli mikrotik 2 hari yang lalu T_T . ini saya mulai penginstallan ulang lagi, apa saja paket yg harus saya install? openSSH saja kah? ubuntu server ini di gunakan untuk proxy external saja
User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Re: [ASK] Squid proxy tidak bisa browsing

Postby q_p » 06 Nov 2012, 22:16

@HendraWahyu;
Simpan saja mikrotik-nya, coba dulu link ini..
Semoga meng-inspirasi anda.
User avatar
HendraWahyu
Posts: 23
Joined: 06 Nov 2012, 07:54
Location: Bogor
Contact:

Re: [ASK] Squid proxy tidak bisa browsing

Postby HendraWahyu » 06 Nov 2012, 23:27

wah saya juga lagi progress mengikuti tutorial itu. ini baru bisa konek ke internet setelah setting NAT nya ^_^

saya sedang coba dan belajar secara bertahap, linux memang keren yah hehe
User avatar
HendraWahyu
Posts: 23
Joined: 06 Nov 2012, 07:54
Location: Bogor
Contact:

Re: [ASK] Squid proxy tidak bisa browsing

Postby HendraWahyu » 07 Nov 2012, 16:34

Saya suah install squid proxy di server ubuntu 10.10 full open sourde, browsing jalan lancar tetapi tidak ter cache oleh squid. membuat iptables sudah untuk forward ke port 3128. permasalahannya dimana yah? tolong bantu para master master :(
User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Re: [ASK] Squid proxy tidak bisa browsing

Postby q_p » 07 Nov 2012, 18:39

Selamat ya, progress-nya bagus.
Pastikan squid sudah jalan dengan perintah :

Code: Select all

ps aux | grep squid
Kalau jalan, muncul yang seperti ini (note= dua baris pertama):

Code: Select all

root      1880  0.0  0.0  23508   788 ?        Ss   Oct12   0:00 /usr/sbin/squid -D -YC
proxy     1883  2.3  0.8 120916 68792 ?        Sl   Oct12 910:01 (squid) -D -YC
proxy    10038  0.0  0.1  17508  9352 ?        S    03:59   0:39 (squidGuard) -c /usr/local/squidGuard/squidGuard.conf
proxy    10039  0.0  0.0  15440  7200 ?        S    03:59   0:06 (squidGuard) -c /usr/local/squidGuard/squidGuard.conf
proxy    10040  0.0  0.0  15052  6908 ?        S    03:59   0:02 (squidGuard) -c /usr/local/squidGuard/squidGuard.conf
proxy    10041  0.0  0.0  15052  6828 ?        S    03:59   0:01 (squidGuard) -c /usr/local/squidGuard/squidGuard.conf
proxy    10042  0.0  0.0  14920  6748 ?        S    03:59   0:01 (squidGuard) -c /usr/local/squidGuard/squidGuard.conf
proxy    10043  0.0  0.0  16980  2096 ?        S    03:59   0:00 /usr/bin/perl /etc/squid/storeurl.pl
proxy    10044  0.0  0.0  16852  2080 ?        S    03:59   0:00 /usr/bin/perl /etc/squid/storeurl.pl
root     22456  0.0  0.0   7640   984 pts/1    S+   18:33   0:00 grep --color=auto squid
root     31707  0.0  0.0   9768   876 pts/2    S+   15:00   0:00 tail -f /var/log/squid/access.log
CMIIW.
Semoga membantu.
User avatar
HendraWahyu
Posts: 23
Joined: 06 Nov 2012, 07:54
Location: Bogor
Contact:

Re: [ASK] Squid proxy tidak bisa browsing

Postby HendraWahyu » 08 Nov 2012, 00:24

saya muncul hanya 3 baris ini, sudah bener apa belum? tapi kok proxy belum bisa cache yah :(

Code: Select all

root      1037  0.0  0.1   4876   732 ?        Ss   00:23   0:00 /usr/sbin/squid -D -YC
proxy     1040  1.0  0.9  15828  4968 ?        Sl   00:23   0:00 (squid) -D -YC
root      1066  0.0  0.1   3456   768 pts/0    S+   00:23   0:00 grep --color=auto squid
User avatar
HendraWahyu
Posts: 23
Joined: 06 Nov 2012, 07:54
Location: Bogor
Contact:

Re: [ASK] Squid proxy tidak bisa browsing

Postby HendraWahyu » 08 Nov 2012, 01:28

proxynya masih tidak jalan, tidak bisa cache sama sekali. mungkin ada salah pengaturan. saya coba install ulang lagi ubuntu servernya agar bersih semua dan setting kembali ^_^
User avatar
HendraWahyu
Posts: 23
Joined: 06 Nov 2012, 07:54
Location: Bogor
Contact:

Re: [ASK] Squid proxy tidak bisa browsing

Postby HendraWahyu » 08 Nov 2012, 09:59

saya sudah install lagi, mengikuti tutorial sama semua. tapi tetap sama tidak jalan :(. padahal saya sudah men direct ke proxy server port 80,880 ke port 3128
User avatar
sipelaut
Posts: 1963
Joined: 03 Jan 2010, 17:25
Location: madura-sampang
Contact:

Re: [ASK] Squid proxy tidak bisa browsing

Postby sipelaut » 08 Nov 2012, 13:20

copas dimari hasil iptablesnya masbro...
User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Re: [ASK] Squid proxy tidak bisa browsing

Postby q_p » 08 Nov 2012, 14:14

[quote=HendraWahyu]saya muncul hanya 3 baris ini, sudah bener apa belum? tapi kok proxy belum bisa cache yah :(

Code: Select all

root      1037  0.0  0.1   4876   732 ?        Ss   00:23   0:00 /usr/sbin/squid -D -YC
proxy     1040  1.0  0.9  15828  4968 ?        Sl   00:23   0:00 (squid) -D -YC
root      1066  0.0  0.1   3456   768 pts/0    S+   00:23   0:00 grep --color=auto squid
Proxy sudah jalan. Coba lakukan browsing di client dan pantau dengan perintah

Code: Select all

tail -f /var/log/squid/access.log
atau di bawah ini jika ter-install ccze =
tail -f /var/log/squid/access.log | ccze
atau di bawah ini untuk melihat HIT-nya.
tail -f /var/log/squid/access.log | grep HIT

saya sudah install lagi, mengikuti tutorial sama semua. tapi tetap sama tidak jalan frown. padahal saya sudah men direct ke proxy server port 80,880 ke port 3128
Yang diredirect port 80 saja
[quote=sipelaut]copas dimari hasil iptablesnya masbro...
saya tambahkan ya, squid.conf -nya di-copas disini juga.
Semoga membantu.